Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP4:FactoryCandidates
rubygem-bundler-audit
rubygem-bundler-audit.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-bundler-audit.changes of Package rubygem-bundler-audit
------------------------------------------------------------------- Mon Nov 4 16:22:27 UTC 2024 - Dan Čermák <dan.cermak@posteo.net> - New upstream release 0.9.2, see bundled ChangeLog.md ------------------------------------------------------------------- Thu Aug 4 13:00:44 UTC 2022 - Stephan Kulow <coolo@suse.com> updated to version 0.9.1 see installed ChangeLog.md ### 0.9.1 / 2022-05-19 #### CLI * Improve the readability of the suggested gem versions to upgrade to (pull #331). #### Rake Task * Fixed a regression introduced in 0.9.0 where the `bundler:audit` rake task was not exiting with an error status code if vulnerabilities were found. Now when the `bundler-audit` command fails, the rake task will also exit with the `bundler-audit` command's error code. * If the `bundler-audit` command could not be found for some reason raise the {Bundler::Audit::Task::CommandNotFound} exception. ------------------------------------------------------------------- Tue Jan 25 06:43:14 UTC 2022 - Stephan Kulow <coolo@suse.com> updated to version 0.9.0.1 see installed ChangeLog.md ### 0.9.0.1 / 2021-08-31 * Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6. (issue #319) ### 0.9.0 / 2021-08-31 * Load advisory metadata using `YAML.safe_load`. (issue #302) * Explicitly permit the `Date` class for Psych >= 4.0.0 and Ruby >= 3.1.0. * Added {Bundler::Audit::Advisory#to_h}. (pull #310) * Added {Bundler::Audit::Database#commit_id}. #### CLI * Added the `--config` option. (pull #306) * Added the `junit` output format (ex: `--format junit`). (pull #314) * Add missing output for CVSSv3 criticality information. (pull #302) * Include criticality information in the JSON output as well. (pull #310) * `bundle-audit stats` now prints the commit ID of the ruby-advisory-db. * Fixed a deprecation warning from Thor. (issue #317) #### Rake Task * Add the `bundle:audit:update` task for updating the [ruby-advisory-db]. (pull #296) * Aliased `bundle:audit` to `bundle:audit:check`. * Aliased `bundler:audit:*` to `bundle:audit:*`. * Rake tasks now execute `bundle-audit` command as a subprocess to ensure isolation. ------------------------------------------------------------------- Thu Jun 24 17:07:51 UTC 2021 - Stephan Kulow <coolo@suse.com> updated to version 0.8.0 see installed ChangeLog.md ### 0.8.0 / 2021-03-10 * No longer vendor [ruby-advisory-db]. * Added {Bundler::Audit::Configuration}. * Supports loading YAML configuration data from a `.bundler-audit.yml` file. * Added {Bundler::Audit::Results}. * Added {Bundler::Audit::Report}. * Added {Bundler::Audit::CLI::Formats}. * Added {Bundler::Audit::CLI::Formats::Text}. * Added {Bundler::Audit::CLI::Formats::JSON}. * Added {Bundler::Audit::Database::DEFAULT_PATH}. * Added {Bundler::Audit::Database.exists?}. * Added {Bundler::Audit::Database#git?}. * Added {Bundler::Audit::Database#update!}. * Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed} exception, if the `git pull` command fails. * Added {Bundler::Audit::Database#last_updated_at}. * Added {Bundler::Audit::Scanner#report}. * {Bundler::Audit::Database::USER_PATH} is now `Gem.user_home` aware. * `Gem.user_home` will try to infer `HOME`, even if it is not set. * {Bundler::Audit::Database#download} will now raise a {Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the `git clone` command fails. * {Bundler::Audit::Scanner#initialize}: * Now accepts an additional `database` and `config_dot_file` arguments. * Will now raise a `Bundler::GemfileLockNotFound` exception, if the given `Gemfile.lock` file cannot be found. * {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a `127.0.0.0/8` or `::1/128` IP address. * {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in {Bundler::Audit::Configuration#ignore}, which is loaded from the `.bundler-audit.yml` file. * Deprecated {Bundler::Audit::Database.update!} in favor of {Bundler::Audit::Database#update! #update!}. * Removed `Bundler::Audit::Database::VENDORED_PATH`. * Removed `Bundler::Audit::Database::VENDORED_TIMESTAMP`. #### CLI * Require [thor] ~> 1.0. * Added `bundler-audit stats`. * Added `bundler-audit download`. * `bundler-audit check`: * Now accepts a optional `DIR` argument for the project directory. * `bundler-audit check` will now print an explicit error message and exit, if the given `DIR` does not exist. * Will now auto-download [ruby-advisory-db] to ensure the latest advisory information is used on first run. * Now supports a `--database` option for specifying a path to an alternative [ruby-advisory-db] copy. * Now supports a `--gemfile-lock` option for specifying a custom `Gemfile.lock` file within the project directory. * Now supports a `--format` option for specifying the desired format. `text` and `json` are supported, but other custom formats can be loaded. See {Bundler::Audit::CLI::Formats}. * Now supports a `--output` option for writing the report output to a file. * Prints both CVE and GHSA IDs. * Print all error messages to stderr. * No longer print number of advisories in `bundler-audit version`. ------------------------------------------------------------------- Fri Sep 25 13:43:31 UTC 2020 - Stephan Kulow <coolo@suse.com> updated to version 0.7.0.1 see installed ChangeLog.md ### 0.7.0.1 / 2020-06-12 * Forgot to populate `data/ruby-advisory-db`. ### 0.7.0 / 2020-06-12 * Require [thor] >= 0.18, < 2. * Added {Bundler::Audit::Advisory#ghsa} (@rschultheis). * Added {Bundler::Audit::Advisory#cvss_v3} (@ahamlin-nr). * Added {Bundler::Audit::Advisory#identifiers} (@rschultheis). * Updated {Bundler::Audit::Advisory#criticality} ranges (@reedloden). * Avoid rebasing the ruby-advisory-db when updating (@nicknovitski). * Fixed issue with Bundler 2.x where source URIs are no longer parsed as `URI::HTTP` objects, but as `Bundler::URI::HTTP` objects. (@milgner) ------------------------------------------------------------------- Sat Mar 2 15:07:09 UTC 2019 - Stephan Kulow <coolo@suse.com> - updated to version 0.6.1 see installed ChangeLog.md ### 0.6.1 / 2019-01-17 * Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0. ------------------------------------------------------------------- Thu Aug 3 19:06:21 UTC 2017 - coolo@suse.com - updated to version 0.6.0 see installed ChangeLog.md ------------------------------------------------------------------- Mon Feb 29 05:32:46 UTC 2016 - coolo@suse.com - updated to version 0.5.0 see installed ChangeLog.md ### 0.5.0 / 2015-02-28 * Added {Bundler::Audit::Task}. * Added {Bundler::Audit::Advisory#date}. * Added {Bundler::Audit::Advisory#cve_id}. * Added {Bundler::Audit::Advisory#osvdb_id}. * Allow insecure gem sources (`http://` and `git://`), if they are hosted on a private network. #### CLI * Added the `--update` option to `bundle-audit check`. * `bundle-audit update` now returns a non-zero exit status on error. * `bundle-audit update` only updates `~/.local/share/ruby-advisory-db`, if it is a git repository. ------------------------------------------------------------------- Thu Aug 20 12:38:14 UTC 2015 - astieger@suse.com - update to 0.4.0: * Require ruby >= 1.9.3 due to i18n gem deprecating < 1.9.3. * Added {Bundler::Audit::Advisory#osvdb}. * Resolve the IP addresses of gem sources and ignore intranet gem sources. * Use ISO8601 date format when querying the git timestamp of ruby-advisory-db. * Print the CVE or OSVDB id. * No longer print "Unpatched versions found!" when an insecure gem source is detected. ------------------------------------------------------------------- Mon Jun 29 10:24:00 UTC 2015 - coolo@suse.com - adapt to proper gem packaging ------------------------------------------------------------------- Tue May 19 09:46:29 UTC 2015 - astieger@suse.com - initial package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
